XSS vulnerability through a search results page.
The search query is sent as a GET parameter and is not escaped when rendered in the HTML form. This allows code to be executed directly from a malicious URL.
<input name="ctl00$PlaceHolderMain$txtSearch" type="text" value="<script>alert()</script>" id="ctl00_PlaceHolderMain_txtSearch" class="captureKeyPress" onfocus="if(this.value == 'e.g. apply for a licence'){this.value = ''}" />
Reported Fixed
Back